@ahus1 Was it on purpose to prohibit using SimpleHttp with custom HttpClient here #27656?

@ahus1, with the changes in #27656 it is not possible to pass a http client with own configuration. When keycloak will be used with built-in OIDC identity-providers, it works fine, because http client takes truststore from global settings. But i have a custom identity provider, which works only over mTLS and adding the additional key/certificate pair to the global truststore was not an option, for this i needed to build a separate http client. My pull-request does not break the mentioned above, it is just an extension for this particular case.

@mint-lemon-eucalyptus - the original use case for the SimpleHttp was to provide a pre-configured common HTTP Client so you don't need to configure your own.

The methods you now ask to be public require an Apache HttpClient to be created first. Before I would consider making the methods public, I'd like to understand the added value you get from using SimpleHttp and not using the Apache HttpClient without it.

@ahus1, just look at AbstractOAuth2IdentityProvider.Endpoint class. The added value will be a separate keystore